Description

METHOD AND SYSTEM TO DISTRIBUTE POLICIES

Background of Invention 

[0001] The present invention relates to policies for software ap- 
plications, network management, e-commerce or busi- 
ness and the like, and more particularly to a system and 
method to distribute policies or the like. 

[0002] Policies may be defined or developed to control software 
applications, network management, e-commerce or busi- 
ness or similar communication or data processing activi- 
ties. Such policies may include "if-then" clauses or similar 
statements or definitions. An example of one policy may 
be "if some precondition, then perform some predefined 
action, or set some value or the like." In another example, 
the policy may be "if some precondition and some other 
precondition or preconditions, then perform some prede- 
fined action, set some value or the like." Policies can have 
a typical lifecycle. Over time, policies may be updated to
meet changing conditions or needs or may become outdated
and deleted or changed to new policies. Efficiently
defining, storing, distributing and enforcing policies can 
be a challenge. Under some circumstances only minor 
changes or selected parameters or values used in a policy 
or related group of policies may need to be changed.
Defining an entirely new policy or set of policies, storing 
the entirely new policy or policies, distributing the policies 
to all enforcement points and making adjustments at each 
of the enforcement points to implement and enforce the 
policies may be burdensome, time consuming and involve 
inefficient use of limited data processing, storage and
communication resources.

Summary of Invention

[0003] In accordance with an embodiment of the present invention,
a method to distribute policies may include transmitting
one of an identification (ID) assigned to a policy
template or the policy template associated with each pol- 
icy to an enforcement point or selected enforcement 
points for enforcement or implementation. Only the ID 
rather than the entire template need be transmitted to the 
enforcement point if the enforcement point already has 
the template. The method may also include transmitting
one set of parameters or variable values to be used in
each policy template to the enforcement point or selected
enforcement points.

[0004] In accordance with another embodiment of the present invention,
a method to distribute policies may include
defining a policy template associated with each policy. A 
unique identification (ID) may be assigned to each policy 
template and the policy template and ID may be stored. 
One of the assigned ID or the policy template for each 
policy to be enforced or implemented may be transmitted 
to each enforcement point intended to enforce the policy. 
The assigned ID rather than the entire template may be 
transmitted if the enforcement point already has the pol- 
icy template. 

[0005] In accordance with another embodiment of the present invention,
a system to distribute policies may include a policy
administrator to define policy templates and to transmit
one of an ID assigned to a policy template or the policy
template associated with each policy to be enforced.
An enforcement point may receive the ID assigned to the 
policy template or the template for each policy to be en- 
forced. The enforcement point may then enforce or imple- 
ment the policy. 



[0006] In accordance with another embodiment of the present invention,
a system to distribute policies may include means
for defining a policy template associated with each policy. 
The system may also include means for assigning a 
unique ID to each policy template. A repository or similar 
storage device may store each policy template and as- 
signed ID. The system may further include means for 
transmitting the assigned ID to an enforcement point, if 
the enforcement point already has the policy template. In 
another embodiment, the policy template for each policy 
to be enforced may be transmitted. An enforcement point 
may receive the assigned ID or policy template for each 
policy to implement or enforce the policy. 

[0007] In accordance with another embodiment of the present invention,
a computer-readable medium having computer-executable
instructions for performing a method may include
defining a policy template associated with each policy.
The method may also include assigning a unique ID to
each policy template. The assigned ID rather than the
complete policy template may be transmitted to the
enforcement point for each policy to be enforced, if the
enforcement point already has the template. In another
embodiment, the policy template may be transmitted to the
enforcement point for enforcement, particularly if the
enforcement point does not have the template.

Brief Description of Drawings

[0008] Figure 1 is a flow chart of a method to define and store a 
policy template in accordance with an embodiment of the 
present invention. 

[0009] Figure 2 is a flow chart of a method to distribute policies 
in accordance with an embodiment of the present inven- 
tion. 

[0010] Figure 3 is a flow chart of a method to distribute policies 
in accordance with another embodiment of the present in- 
vention. 

[0011] Figure 4 is an example of a system to distribute policies in
accordance with an embodiment of the present invention.

Detailed Description

[0012] The following detailed description of preferred embodi- 
ments refers to the accompanying drawings which illus- 
trate specific embodiments of the invention. Other em- 
bodiments having different structures and operations do 
not depart from the scope of the present invention. 

[0013] Figure 1 is a flow chart of a method 100 to define and
store a policy template in accordance with an embodiment
of the present invention. In block 102 a policy template
associated with each policy may be defined. The policy 
template may be defined by a policy administrator or the 
like as described in more detail with respect to Figure 4. 
The policy template may be defined or formed as a struc- 
tured document. For example, the policy template may be 
formed in a mark-up language, such as extensible mark- 
up language (XML) or the like. An example of a policy 
document including policy templates in XML may be: 

<PolicyDocument>
  <HeaderInformation>
  <Policy>
    <precondition> if clause </precondition>
    <decision> then clause </decision>
  </Policy>
  ...
  <Policy>
    ...
  </Policy>
</PolicyDocument>



[0015] Accordingly, the template may be in the form of an "if- 
then" clause or similar clause or statement, "if some pre- 
condition or preconditions, then some decision is made."
The decision may be to perform some action, set a value
or some other action or inaction. For example a template 
in XML may take the form, "if <shift> and <customer 
level> then <response time goal>," where "shift" might, 
for example, take legal values, "first", "second" and 
"third"; "customer level" might take "gold", "silver" and 
"bronze"; and "response time goal" might take "100ms", 
"500ms", or "1000ms". Shift, customer level and response 
time goal may be referred to as parameters, variables or 
values that can be specified and changed from time to 
time to update the template and associated policy. As will 
be described in more detail herein, the templates and pa- 
rameters may be transmitted separately for more effi- 
ciency and to reduce transmission costs by factoring the 
templates and parameters or data to be used in the tem- 
plates. Different parameters may be transmitted from time 
to time without the need of transmitting the templates 
again thus increasing efficiency and reducing costs.

[0016] In block 104, a unique identification (ID) may be assigned
to each policy template. The ID may be a serial number or 
a more descriptive identification of the template. As will 
be discussed in more detail herein, in at least one embodiment
of the present invention, the ID may be transmitted
rather than the complete policy template for efficiency
and to reduce transmission costs and the use of limited 
data processing and communication resources. 

[0017] In block 106, the policy template and its assigned ID associated
with each policy may be stored in a repository or
other data storage device or source. The policy templates 
may be indexed in the repository by their respective IDs. 

[0018] Figure 2 is a flow chart of a method 200 to distribute
policies in accordance with an embodiment of the present
invention. The method 200 may be a follow-on or continuation
of the method 100 of Figure 1. The policy templates
may be defined and stored in blocks 102 and 106
at different times and then distributed in method 200 at 
other times. In block 202, at least one set of parameters, 
variables, values or the like to be associated with each 
policy template may be identified or defined by a policy 
administrator or the like, or parameters may be identified 
or defined to be associated with a selected policy tem- 
plate. The parameters will be substituted or bound into 
the policy template for enforcement of the policy at an 
enforcement point. The parameters may be preconditions, 
values that are set if one or more preconditions are met, 
an operation to be performed if one or more preconditions
are met or the like. Each parameter or set of parameters
may be identified by name and type of parameter.
Examples of types of parameters may include a precondi- 
tion, a value, type of operation or function or the like. 
Each parameter or set of parameters may also be stored 
by the name and type of parameter or set of parameters. 
The parameters may be updated or changed from time to 
time in a selected policy template.

[0019] In block 204, a policy template ID may be transmitted by a
policy administrator or the like to an enforcement point or 
to selected enforcement points for each policy to be en- 
forced by the enforcement point or selected enforcement 
points. In block 206, the one set of parameters to be used 
in each associated policy template may be transmitted by 
the policy administrator to the respective enforcement 
points. In block 208, each enforcement point may deter- 
mine if the policy template corresponding to each re- 
ceived template ID is present or stored at the enforcement 
point. If the policy template is available at the enforce- 
ment point, the method 200 may advance to block 216 
and the enforcement point may substitute or bind the parameters
to each associated policy template for enforcement.
If the policy template is not present or stored at the
enforcement point, the method 200 may advance to block
210. In block 210, the enforcement point may transmit a 
query to a repository or the like, where policy templates 
are stored or maintained. The query may be sent in re- 
sponse to each policy template corresponding to any IDs 
transmitted to the enforcement point that are not present 
or stored at the enforcement point. In block 212, any pol- 
icy templates may be transmitted to the enforcement 
point in response to the query including any IDs assigned 
to the transmitted policy templates. Asynchronous, out- 
of-band communication or signaling may be applied or 
used to transmit queries and any policy templates. Com- 
pression may also be used to transmit templates and pa- 
rameters to conserve communication resources. Any type 
of data compression and decompression techniques may 
be used, such as Lempel-Ziv (LZ) compression or the like. 
Templates may also be grouped for efficient distribution 
and for transactional distribution.

[0020] In block 214, the enforcement point may store the template.
The enforcement point may also store the parameters
associated with the template or to be used in the
template. Each parameter or set of parameters may be 
stored by an associated name and type of parameter or
set of parameters. In block 216, the enforcement point
may bind or substitute the parameters into the associated 
template. In block 218, the enforcement point may begin 
implementing or enforcing the policy associated with the 
template. 
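
The ID-first distribution flow of method 200 (blocks 204 to 218), as an added Python example that is not part of the patent text. The Repository and EnforcementPoint classes, the "$name" placeholder syntax, the template ID "T-1" and the allow-list check on parameter values are assumptions made for illustration; zlib (DEFLATE, an LZ77-based scheme) stands in for the LZ-style compression mentioned above.

```python
import zlib
from string import Template

# Constructed sample template built from the patent's shift / customer level /
# response time goal example; the "$name" placeholder syntax is an assumption.
POLICY_TEMPLATE = """<Policy>
  <precondition>shift=$shift and customer_level=$customer_level</precondition>
  <decision>response_time_goal=$response_time_goal</decision>
</Policy>"""

# Legal values per parameter, as listed in the patent's example.
LEGAL_VALUES = {
    "shift": {"first", "second", "third"},
    "customer_level": {"gold", "silver", "bronze"},
    "response_time_goal": {"100ms", "500ms", "1000ms"},
}

class Repository:
    """Templates indexed by ID (block 106), stored compressed."""
    def __init__(self):
        self._templates = {}
        self.queries = 0

    def put(self, template_id, text):
        self._templates[template_id] = zlib.compress(text.encode("utf-8"))

    def query(self, template_id):
        self.queries += 1
        return self._templates[template_id]  # KeyError for an unknown ID

class EnforcementPoint:
    def __init__(self, repository):
        self.repository = repository
        self.templates = {}  # local template store, keyed by ID
        self.active = {}     # bound policies currently enforced

    def receive(self, template_id, params):
        """Handle one (template ID, parameter set) message: blocks 208-218."""
        if template_id not in self.templates:              # block 208
            blob = self.repository.query(template_id)      # blocks 210, 212
            text = zlib.decompress(blob).decode("utf-8")
            self.templates[template_id] = text             # block 214
        for name, value in params.items():
            # Assumed hardening step: reject unknown names and values outside
            # the legal set, so a parameter cannot inject markup when bound.
            if value not in LEGAL_VALUES.get(name, ()):
                raise ValueError(f"illegal parameter {name}={value!r}")
        # substitute() raises KeyError if a placeholder has no parameter.
        bound = Template(self.templates[template_id]).substitute(params)  # 216
        self.active[template_id] = bound                   # block 218
        return bound

def demo():
    repo = Repository()
    repo.put("T-1", POLICY_TEMPLATE)
    point = EnforcementPoint(repo)
    first = point.receive("T-1", {"shift": "first", "customer_level": "gold",
                                  "response_time_goal": "100ms"})
    # Parameter-only update: the template is cached, so no second query.
    second = point.receive("T-1", {"shift": "third", "customer_level": "bronze",
                                   "response_time_goal": "1000ms"})
    return first, second, repo.queries
```

The second message carries only an ID and new parameter values, so the repository is queried once for two policy updates.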

[0021] Figure 3 is a flow chart of a method 300 to distribute 
policies in accordance with another embodiment of the 
present invention. Method 300 is similar to method 200 
of Figure 2 except the template itself may be transmitted 
to the enforcement point rather than the ID. Alternatively, 
both the ID and the template may be transmitted to the 
enforcement point or points. In block 302, at least one set 
of parameters may be identified or defined to be associ- 
ated with each policy template. As previously discussed, 
each parameter or set of parameters may be identified 
and stored by a name or identification and a type of pa- 
rameter. In block 304, a policy template may be transmit- 
ted to each enforcement point for each policy to be en- 
forced by the respective enforcement points. Each policy 
template may be compressed using data compression 
techniques or algorithms prior to transmission to each 
enforcement point. In block 306 one set of parameters to 
be used in each associated policy template for enforcement
may be transmitted to each enforcement point enforcing
the policy associated with each template.

[0022] In block 308, a determination may be made if the enforcement
point already has the policy template. If the
policy template is present or stored at the enforcement 
point, the method 300 may advance to block 312. If the 
transmitted policy template is not currently available or 
stored at the enforcement point, the enforcement point 
may store the new template in block 310 before the 
method advances to block 312. In block 312, the enforce- 
ment point may bind the parameters to the associated 
template. In block 314, the enforcement point may begin 
implementing or enforcing the policy corresponding to 
the policy template. 

[0023] Figure 4 is an example of a system 400 to distribute poli- 
cies in accordance with an embodiment of the present in- 
vention. Elements of the methods 100, 200 and 300 of 
Figures 1, 2 and 3, respectively, may be embodied in and 
performed by the system 400. The system 400 may in- 
clude one or more policy administrators 402 and one or 
more enforcement points 404. Each policy administrator 
402 may include a processor 406, one or more input devices
408 and one or more output devices 410. The processor
406, input devices 408 and output devices 410
may facilitate defining policy templates 412 and assigning 
an ID 414 to each policy template 412. The processor 
406, input devices 408 and output devices 410 may also 
facilitate transmitting one of the ID 414 or the policy tem- 
plate 412 associated with each policy to be enforced to 
the respective enforcement points 404 enforcing the pol- 
icy. The processor 406, input devices 408 and output de- 
vices 410 may further facilitate identifying or defining pa- 
rameters 416 or sets of parameters 416 associated with 
each template 410. The input devices 408 may include a 
keyboard, pointing device, voice recognition system or the 
like. The input devices 408 may also include optical, mag- 
netic, infrared or radio frequency input devices or combi- 
nation input/output devices, such as disk drives or the 
like. The input devices 408 may receive, read or download
software, computer-executable or readable instructions or 
the like, such as software 418 that may embody elements 
of the methods 100, 200 and 300. The software 418 may 
be downloaded from a communication network, system or 
medium, such as network or medium 420. The communication
network 420 or medium may be any communication
system including by way of example, dedicated communication
lines, telephone networks, wireless data transmission
systems, two-way cable systems, customized
computer networks, interactive kiosk networks, the Inter- 
net or the like. The system or medium 420 may also be or 
form part of a communication channel, memory or similar 
devices. 

[0024] The output devices 410 may include a display or monitor, 
printer, audio system or the like. The output devices 410 
may also be coupled to a communication system, network 
or medium, such as the network or medium 420. The pro- 
cessor 406 may also include a browser 414 or the like to 
facilitate accessing the network or medium 420. 

[0025] Each enforcement point 404 may include a processor 424, 
one or more input devices 426 and one or more output 
devices 428. The processor 424, input devices 426 and 
output devices 428 may facilitate the enforcement point 
404 receiving the ID 414 assigned to the policy template 
412 or the policy template 412 itself for each policy to be 
enforced by the enforcement point 404. The processor 
424, input devices 426 and output devices 428 may be 
similar to the processor 406, input devices 408 and output
devices 410 of each policy administrator 402. The enforcement
point processor 424 may also include software
430, computer-readable or computer-executable instructions
or the like that may embody elements of the methods
200 and 300 of Figures 2 and 3. Each enforcement
point 404 may also include a browser 432 or the like to 
facilitate access to the communication network or medium 
420. Each enforcement point 404 may also include a data 
source 434 that may store each policy template 412 and 
the associated or assigned ID 414 for enforcement of the 
policy corresponding to the template 412 by the enforcement
point 404. The data source 434 may also store parameters
416 bound to the template 412.

[0026] The system 400 may also include a repository 436 to
store the policy templates 412 and IDs 414 assigned to 
each policy template 412. The repository 436 may also 
store parameters 416 or sets of parameters 416 associ- 
ated with each policy template 412. As previously de- 
scribed, an enforcement point 404 may form and transmit 
a query in response to each policy template 412 corre- 
sponding to any IDs 414 transmitted by a policy adminis- 
trator 402 not being present or stored at the enforcement 
point 404. The enforcement point 404 and repository 436 
may apply asynchronous, out-of-band communication to 
transmit the query and any policy templates 412 corresponding
to the query. The repository 436 may also include
software and hardware to compress each policy
template 412 before transmission to the enforcement 
point 404 to conserve resources. Alternatively, the policy 
templates 412 may be stored in a compressed format to 
further conserve resources. 

[0027] The system 400 may also include a server 438, processor 
or the like to interface between each of the policy admin- 
istrators 402, enforcement points 404 and repository 436. 
The server 438 may include software 440, computer-ex- 
ecutable or computer-readable instructions or the like for 
operation of the system 400 in storing and distributing 
policy templates 412 and associated parameters 416 as 
described herein. 

[0028] Elements of the present invention, such as methods 100, 
200 and 300 of Figures 1, 2 and 3, respectively may be 
embodied in hardware and/or software as a computer 
program code that may include firmware, resident soft- 
ware, microcode or the like. Additionally, elements of the 
invention may take the form of a computer program prod- 
uct on a computer-usable or computer-readable storage 
medium having computer-usable or computer-readable 
program code embodied in the medium for use by or in
connection with a system, such as system 400 of Figure 4.
Examples of such a medium may be illustrated in Figure 4 
as input devices 408 and 426 or network 420. A com- 
puter-usable or readable medium may be any medium 
that may contain, store, communicate or transport the 
program for use by or in connection with a system, such 
as system 400. The medium, for example, may be an 
electronic, magnetic, optical, electromagnetic, infrared or 
semiconductor system or the like. The medium may also 
be simply a stream of information being retrieved when 
the computer program product is "downloaded" through a 
network, such as network 420, the Internet or the like. 
The computer-usable or readable medium could also be 
paper or another suitable medium upon which the program
may be printed.

[0029] Although specific embodiments have been illustrated and
described herein, those of ordinary skill in the art appre- 
ciate that any arrangement which is calculated to achieve 
the same purpose may be substituted for the specific em- 
bodiments shown and that the invention has other appli- 
cations in other environments. This application is in- 
tended to cover any adaptations or variations of the 
present invention. The following claims are in no way intended
to limit the scope of the invention to the specific
embodiments described herein. 



